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DETAILED ACTION 

1. Claims 1-41 are pending in the application. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 

U. S C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21 (2) of such treaty in the English language. 

3. Claims 1, 3-26, 28-35, and 37-41 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Jamieson et al. (US 2005/0005094) (hereinafter 
'Jamieson'). 

As to claim 1, Jamieson teaches a computer security system comprising: 
a self-managed device that controls access to itself by a user (See 
[0041]); and 

a security module that authenticates a user and (See [0039]), in response 
to user authentication, automatically generate, transparently to the user, device 
credential data verifiable by the authentication system to enable access to the 
self-managed device (See [0005]). 

As to claim 3, Jamieson teaches the security module is adapted to 
automatically transmit, transparently to the user, the device credential data to the 
self-managed device (See [0005]). 
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As to claim 4, Jamieson inherently teaches the security module is 
adapted to receive a request from a networked administration client to activate the 
authentication system of the self-managed device (the authentication system must 
be activated in order to authenticate a user). 

As to claim 5, Jamieson inherently teaches the security module is 
disposed within a basic input/output system (BIOS). It is well known in the art to 
use a BIOS to implement a security protocol. 

As to claim 6, Jamieson teaches the security module is adapted to 
access relational data correlating the user to the device credential data for the 
self-managed device (See [0005]). 

As to claims 7 — 8, Jamieson teaches an activation/deactivation module 
accessible by an administration client to activate/deactivate the authentication 
system of the self-managed device (It is inherent that the authentication system 
of the self-managed device is activated/deactivated because it would need to be 
active in order to control user access and verify credentials and deactivated 
when not needed). 

As to claim 9, Jamieson inherently teaches the security module is 
adapted to receive a request from a networked administration client to deactivate 
the authentication system of the self-managed device (if there is no pending 
authentication request, then the authentication system must be deactivated). 

As to claim 10, Jamieson teaches the security module is adapted to 
perform a registration operation to register the self-managed device (See [0005]). 
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As to claims 11-15, Jamieson teaches the claimed system as set forth in 
claims 1 , 3-10. As such, Jamieson teaches the system utilizing broader means to 
carry out the functions of the system claimed in 1 1-1 5. 

As to claims 16-24, Jamieson teaches the claimed system as set forth in 
claims 1, 3-10. As such, Jamieson teaches the method to implement the 
system. 

As to claim 25, Jamieson teaches a security module executable by a 
processor that is adapted to access credential data to verify an identity of a user 
(See [0005] and See [0038]); and 

an activation/deactivation module accessible via a networked 
administration client adapted to interface with the security module in response to a 
request by the administration client to activate, transparently to the user, an 
authentication system of a self-managed device to control user access to the 
device (See [0005], [0035] and [0039]— it is inherent that the authentication 
system of the self-managed device is activated because it would need to be active 
in order to control user access and verify credentials). 

As to claim 26, Jamieson teaches the security module is adapted to 
automatically generate, transparently to the user, a device credential for 
verification by the authentication system (See [0005]). 

As to claim 28, Jamieson teaches this claim according to the reasoning 
set forth in claim 3 supra. 

As to claim 29, Jamieson inherently teaches the activation/deactivation 
module is adapted to display to the user registered self-managed devices 
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available for authentication system deactivation because if authentication is not 
needed, then the user should deactivate. 

As to claim 30, Jamieson teaches this claim according to the reasoning in 

claim 6. 

As to claims 31-35, Jamieson teaches the system as set forth in claims 1, 
3, 5, and 7. As such Jamieson teaches a similar system. 

As to claims 37-39, Jamieson teaches the system as forth in claims 1, 6, 
and 10. As such, Jamieson teaches the method for implementing the system. 

As to claim 40, Jamieson teaches encrypting the device credential data 
(See [0010]) 

As to claim 41, Jamieson teaches transmitting transparently to the user, 
encrypted device credential data to the self-managed device for decryption by the 
self-managed device to authenticate access to the device (See [0005] and 
[0010]). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

5. Claim 2, 27, and 36 is rejected under 35 U.S.C. 103(a) as being 
unpatentable over Jamieson et al. (US 2005/0005094) in view of Bivens et 
al. (US 2003/0226036) (hereinafter 'Bivens'). 
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As to claim 2, 27, and 36, Jamieson teaches the system of claim 1 , 25, 
and 31, but does not specifically mention randomly generating the device 
credential data. Bivens et al. is cited to teach a similar method that uses a 
single set of credentials to access multiple applications. Bivens further mentions 
there is no need to individually configure each application with the user's identity 
and credentials (See [0012]). 

Bivens further teaches randomly generating the device credential (See 
[0045]). 

It would have been obvious to one of ordinary skill in the art to have 
combined Jamieson with the teachings of Bivens because randomly generating 
the device credentials would benefit Jamieson by not requiring the credentials to 
be previously stored. Furthermore, Bivens mentions if there is no credential 
stored, then the user is first authenticated and the user credentials are created 
and stored for later use (See [0044]-[0045]). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Jaweed A. Abbaszadeh whose telephone 
number is (571) 270-1640. The examiner can normally be reached on Mon-Fri: 
7:30 a.m.-5:00 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Thomas C. Lee can be reached on (571 ) 272-3667. The 
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fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 



JA 

7/12/2007 




